A new vulnerability associated with RSA cryptography has been found, which works by spying the CPU internals with a spy program running on the same computer as the crypto application. Dedicated systems (like CAcert´s certificate generation) are not affected, only multi-tasking and multi-user systems are affected.
A New Vulnerability In RSA Cryptography
Posted by kdawson on Saturday November 18, @04:45PM
from the predictions-of-trouble dept.
romiz writes, “Branch Prediction Analysis is a recent attack vector
against RSA public-key cryptography on personal computers that relies
on timing measurements to get information on the bits in the private
key. However, the method is not very practical because it requires
many attempts to obtain meaningful information, and the current
OpenSSL implementation now includes protections against those attacks.
However, German cryptographer Jean-Pierre Seifert has announced a
new method called Simple Branch Prediction Analysis that is at the
same time much more efficient that the previous ones, only needs a
single attempt, successfully bypasses the OpenSSL protections, and
should prove harder to avoid without a very large execution penalty.”
From the article: “The successful extraction of almost all secret key
bits by our SBPA attack against an openSSL RSA implementation proves
that the often recommended blinding or so called randomization
techniques to protect RSA against side-channel attacks are, in the
context of SBPA attacks, totally useless.” Le Monde interviewed
Seifert (in French, but Babelfish works well) and claims that the
details of the SBPA attack are being withheld; however, a PDF of the
paper is linked from the ePrint abstract.